SB20260528185 - Deadlock in Linux kernel quota
Published: May 28, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Deadlock (CVE-ID: CVE-2026-45895)
CWE-ID: CWE-833 - Deadlock
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a livelock condition in quotactl_block() when waiting for a frozen filesystem to thaw. A local user can repeatedly toggle quota operations during filesystem freeze activity to cause a denial of service.
The issue is reliably triggered on non-preemptible kernels when the freezer and quota operations run on the same CPU.
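A triage check for the condition above, added here as an example and not part of the bulletin: it reports the running kernel's preemption model from its build config and any `preempt=` boot override. It assumes that "non-preemptible" corresponds to the `none` and `voluntary` models and that the config is at `/boot/config-$(uname -r)`; it does not tell you whether the fix is installed.

```shell
#!/bin/sh
# Added example (not from the bulletin): report a kernel's preemption model.
# Assumption: "non-preemptible" = CONFIG_PREEMPT_NONE=y or CONFIG_PREEMPT_VOLUNTARY=y.

# Read a kernel .config on stdin; print none|voluntary|full|lazy|rt|unknown,
# with "+dynamic" appended when the model can be changed at boot (preempt=).
preempt_model() {
    awk -F= '
        $2 != "y" { next }                      # skips "# CONFIG_X is not set"
        $1 == "CONFIG_PREEMPT_NONE"      { m = "none" }
        $1 == "CONFIG_PREEMPT_VOLUNTARY" { m = "voluntary" }
        $1 == "CONFIG_PREEMPT"           { m = "full" }
        $1 == "CONFIG_PREEMPT_LAZY"      { m = "lazy" }
        $1 == "CONFIG_PREEMPT_RT"        { rt = 1 }
        $1 == "CONFIG_PREEMPT_DYNAMIC"   { dyn = 1 }
        END {
            if (rt) m = "rt"
            if (m == "") m = "unknown"
            printf "%s%s\n", m, (dyn ? "+dynamic" : "")
        }'
}

# effective_model MODEL CMDLINE: apply a preempt= boot override, which is
# honoured only on PREEMPT_DYNAMIC builds; otherwise return the build model.
effective_model() {
    base=${1%+dynamic}
    if [ "$base" != "$1" ]; then
        for arg in $2; do
            case "$arg" in preempt=*) base=${arg#preempt=} ;; esac
        done
    fi
    printf '%s\n' "$base"
}

# Succeeds when the effective model matches the assumed trigger condition.
is_non_preemptible() { case "$1" in none|voluntary) return 0 ;; esac; return 1; }

check_running_kernel() {
    cfg="/boot/config-$(uname -r)"
    [ -r "$cfg" ] || { echo "no readable $cfg; cannot classify"; return 0; }
    model=$(effective_model "$(preempt_model < "$cfg")" "$(cat /proc/cmdline 2>/dev/null)")
    if is_non_preemptible "$model"; then verdict="matches"; else verdict="does not match"; fi
    echo "$model: $verdict the bulletin's non-preemptible condition"
}

check_running_kernel
```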
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/02bb1500f1479750e6557c8044f6a2d7e9d30c12
- https://git.kernel.org/stable/c/37ccd48cf35f3c8b9f2ea961a7b486b91eb71a82
- https://git.kernel.org/stable/c/414259caf81a397563fc9baca9c0ef856c4a97cf
- https://git.kernel.org/stable/c/53b2314b26b6640a3657cc924de63a1a8f26ac4d
- https://git.kernel.org/stable/c/77449e453dfc006ad738dec55374c4cbc056fd39